A blog to share security, networking and cloud related technology information as @vCloudernBeer picked up on his search for his destiny in the cloud. (LinkedIn: https://www.linkedin.com/in/chowanthony)

Thursday, November 13, 2014

OpenStack Series: Part 13 - Docker in OpenStack

There is often a notion that, with Docker, Linux container technology is going to replace server virtualization. The reasoning is that Linux containers virtualize applications at the operating-system level, so the hypervisor is no longer needed.

Another camp holds that containers lack the robustness and enterprise-ready features, such as resource allocation management, high availability or even manageability, that VMware can offer.

I have an article that mentions that combining container technology with the hypervisor gives the best of both worlds, and this is why VMware is embracing this technology with Project Fargo.

Docker is an orchestration or packaging tool that allows
applications and their dependencies to run on container technology.

Docker is also being deployed in OpenStack Nova as a hypervisor type. It was introduced in the Havana release but was then left out of the main development tree; due to the popularity of Docker, it will be updated and introduced back into the main project in the Kilo release. I think a lot more development effort will be put into integrating Docker into OpenStack to make it a powerful tool for enterprise IT. There is talk of putting SDN into Docker, which leads to the possibility of putting Network Function Virtualization into a container instead of a full-blown virtual machine: NFD (Network Function Dockerization), a new name that I came up with based on the word "Dockerize".

Docker takes advantage of container and filesystem technologies at a high level, in ways that are not generic enough to be managed by libvirt.

Process-level API: Docker can collect the standard outputs and inputs of the process running in each container for logging or direct interaction. It also allows blocking on a container until it exits, setting its environment, and other process-oriented primitives which don't fit well in libvirt's abstraction.

Advanced change control at the filesystem level: Every change made on the filesystem is managed through a set of layers which can be snapshotted, rolled back, diffed, etc.

Image portability: The state of any Docker container can optionally be committed as an image and shared through a central image registry. Docker images are designed to be portable across infrastructures, so they are a great building block for hybrid cloud scenarios.

Build facility: Docker can automate the assembly of a container from an application's source code. This gives developers an easy way to deploy payloads to an OpenStack cluster as part of their development workflow.

Currently, Docker is in two of the OpenStack projects: Nova and Heat.

Docker in OpenStack Nova

Docker is not a hypervisor, but in Nova it is treated as a hypervisor type. Docker is listed as a Group C hypervisor, which means not much testing is done with the driver. I think this will change in the Kilo release.

The Docker driver in Nova is basically an HTTP client that makes RESTful API calls to Docker. The driver fetches the Docker image from OpenStack Glance and loads it into the Docker filesystem. Older versions of this driver needed a private docker-registry, which in turn proxied to Glance, but this is no longer necessary. (I have an article that talks about Docker images and registries.)

Scott Lowe (@scott_lowe) has two great articles on Heat templates for Docker here and here, with a reference link to another post of his on OpenStack Heat. If you want a quick overview of OpenStack Heat, I have an article on this subject in my OpenStack series.

Docker + OpenStack = PaaS
I think one use case for Docker in an OpenStack environment is to take advantage of Docker's nice features (it is lightweight, fast to provision and portable) to build a Platform as a Service. There are cases where we need a mature hypervisor with all the built-in High Availability and Resource Scheduling features, but in some cases a container is the best way to go. In fact, OpenStack is actively working on High Availability in different parts of the infrastructure, and in due time this will augment Docker technology to be enterprise ready.

There is already a project, Solum, that leverages OpenStack for application delivery. OpenStack has a page for Solum that covers the goals, resources and FAQ of this project in the context of OpenStack.